diff --git a/boot/bootutil/include/bootutil/bootutil_public.h b/boot/bootutil/include/bootutil/bootutil_public.h index e2795ab3e..e56580779 100644 --- a/boot/bootutil/include/bootutil/bootutil_public.h +++ b/boot/bootutil/include/bootutil/bootutil_public.h @@ -302,6 +302,12 @@ boot_set_next(const struct flash_area *fa, bool active, bool confirm); /** * Attempts to load image header from flash; verifies flash header fields. * + * The selected update method (i.e. swap move) may impose additional restrictions + * on the image size (i.e. due to the presence of the image trailer). + * Such restrictions are not verified by this function. + * These checks are implemented as part of the boot_image_validate(..) that uses + * sizes from the bootutil_max_image_size(..). + * * @param[in] fa_p flash area pointer * @param[out] hdr buffer for image header * diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c index 91cfdf9c6..21a7d552e 100644 --- a/boot/bootutil/src/bootutil_misc.c +++ b/boot/bootutil/src/bootutil_misc.c @@ -42,6 +42,9 @@ #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif +#if defined(MCUBOOT_SWAP_USING_MOVE) || defined(MCUBOOT_SWAP_USING_OFFSET) +#include "swap_priv.h" +#endif #if defined(MCUBOOT_DECOMPRESS_IMAGES) #include 
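Review bot: The added comment sends readers to `boot_image_validate(..)`, while the size check this commit changes sits in `bootutil_img_validate(..)` in image_validate.c. If that is the function meant (a `boot_image_validate` may exist outside this page), the name should match so the reference can be followed. Both uses of "i.e." introduce examples rather than restatements, so `e.g.` fits better: `The selected update method (e.g. swap move) may impose additional restrictions`.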
@@ -482,18 +485,8 @@ uint32_t bootutil_max_image_size(struct boot_loader_state *state, const struct f return slot_trailer_off - trailer_padding; #elif defined(MCUBOOT_SWAP_USING_MOVE) || defined(MCUBOOT_SWAP_USING_OFFSET) - (void) state; - - struct flash_sector sector; - /* get the last sector offset */ - int rc = flash_area_get_sector(fap, boot_status_off(fap), §or); - if (rc) { - BOOT_LOG_ERR("Unable to determine flash sector of the image trailer"); - return 0; /* Returning of zero here should cause any check which uses - * this value to fail. - */ - } - return flash_sector_get_off(§or); + (void) fap; + return app_max_size(state); #elif defined(MCUBOOT_OVERWRITE_ONLY) (void) state; return boot_swap_info_off(fap); diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index f7118e3e7..b0b37ea05 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -501,6 +501,7 @@ bootutil_img_validate(struct boot_loader_state *state, uint32_t off; uint16_t len; uint16_t type; + uint32_t img_sz; #ifdef EXPECTED_SIG_TLV FIH_DECLARE(valid_signature, FIH_FAILURE); #ifndef MCUBOOT_BUILTIN_KEY @@ -637,7 +638,13 @@ bootutil_img_validate(struct boot_loader_state *state, goto out; } - if (it.tlv_end > bootutil_max_image_size(state, fap)) { +#ifdef MCUBOOT_SWAP_USING_OFFSET + img_sz = it.tlv_end - it.start_off; +#else + img_sz = it.tlv_end; +#endif + + if (img_sz > bootutil_max_image_size(state, fap)) { rc = -1; goto out; } diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index 07da2aa93..ed0947076 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c 
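Review bot: The swap-move/swap-offset branch of `bootutil_max_image_size()` now reaches into `state` through `app_max_size(state)`, where the removed code carried `(void) state;` and worked from `fap` alone. Any caller that passes a NULL or not yet populated `boot_loader_state` would now compute the limit from invalid data; the call sites are outside this page, so this needs checking. The removed fail-closed `return 0` on error also has no replacement. `app_max_size()` returns `int` while this function returns `uint32_t`, so a negative result turns into a very large limit rather than a rejection. I would document the non-NULL requirement on `state` and clamp the result: `int sz = app_max_size(state);` followed by `return (sz > 0) ? (uint32_t)sz : 0;`. The function body starts and ends outside the hunk.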
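Review bot: The `MCUBOOT_SWAP_USING_OFFSET` branch in the second image_validate.c hunk needs a comment saying why `it.start_off` is subtracted before the size comparison, because this is the check that bounds an image against the slot limit. If the reason is that the TLV iterator offsets include the secondary slot's start offset, something like `/* swap-offset: iterator offsets include the slot start offset; compare the image-relative size */` would do. The subtraction is unsigned and unguarded; a wrapped result would exceed the limit and be rejected, so it fails closed, but that is worth stating too. `bootutil_img_validate()` continues outside the hunk.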
@@ -227,29 +227,6 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) return off; } -static int app_max_sectors(struct boot_loader_state *state) -{ - uint32_t sz = 0; - uint32_t sector_sz; - uint32_t trailer_sz; - uint32_t first_trailer_idx; - - sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); - trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); - /* subtract 1 for swap and at least 1 for trailer */ - first_trailer_idx = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 2; - - while (1) { - sz += sector_sz; - if (sz >= trailer_sz) { - break; - } - first_trailer_idx--; - } - - return first_trailer_idx; -} - int boot_slots_compatible(struct boot_loader_state *state) { @@ -270,19 +247,16 @@ boot_slots_compatible(struct boot_loader_state *state) size_t sector_sz_pri = 0; size_t sector_sz_sec = 0; size_t i; - size_t num_usable_sectors_pri; num_sectors_pri = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT); num_sectors_sec = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT); - num_usable_sectors_pri = app_max_sectors(state); if ((num_sectors_pri != num_sectors_sec) && - (num_sectors_pri != (num_sectors_sec + 1)) && - (num_usable_sectors_pri != (num_sectors_sec + 1))) { + (num_sectors_pri != (num_sectors_sec + 1))) { BOOT_LOG_WRN("Cannot upgrade: not a compatible amount of sectors"); BOOT_LOG_DBG("slot0 sectors: %d, slot1 sectors: %d, usable slot0 sectors: %d", (int)num_sectors_pri, (int)num_sectors_sec, - (int)(num_usable_sectors_pri - 1)); + (int)(num_sectors_pri - 1)); return 0; } else if (num_sectors_pri > BOOT_MAX_IMG_SECTORS) { BOOT_LOG_WRN("Cannot upgrade: more sectors than allowed"); 
@@ -292,7 +266,7 @@ boot_slots_compatible(struct boot_loader_state *state) /* Optimal says primary has one more than secondary. Always. Both have trailers. */ if (num_sectors_pri != (num_sectors_sec + 1)) { BOOT_LOG_DBG("Non-optimal sector distribution, slot0 has %d usable sectors (%d assigned) " - "but slot1 has %d assigned", (int)num_usable_sectors_pri, + "but slot1 has %d assigned", (int)(num_sectors_pri - 1), (int)num_sectors_pri, (int)num_sectors_sec); } @@ -353,7 +327,6 @@ swap_status_source(struct boot_loader_state *state) struct boot_swap_state state_primary_slot; struct boot_swap_state state_secondary_slot; int rc; - uint8_t source; uint8_t image_index; #if (BOOT_IMAGE_NUMBER == 1) @@ -378,10 +351,8 @@ swap_status_source(struct boot_loader_state *state) state_primary_slot.copy_done == BOOT_FLAG_UNSET && state_secondary_slot.magic != BOOT_MAGIC_GOOD) { - source = BOOT_STATUS_SOURCE_PRIMARY_SLOT; - BOOT_LOG_INF("Boot source: primary slot"); - return source; + return BOOT_STATUS_SOURCE_PRIMARY_SLOT; } BOOT_LOG_INF("Boot source: none"); 
@@ -603,11 +574,23 @@ swap_run(struct boot_loader_state *state, struct boot_status *bs, int app_max_size(struct boot_loader_state *state) { - uint32_t sector_sz_primary; + uint32_t available_pri_sz; + uint32_t available_sec_sz; + + size_t trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); + size_t sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); + size_t padding_sz = sector_sz; - sector_sz_primary = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); + /* The trailer size needs to be sector-aligned */ + trailer_sz = ALIGN_UP(trailer_sz, sector_sz); + + /* The slot whose size is used to compute the maximum image size must be the one containing the + * padding required for the swap. + */ + available_pri_sz = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) * sector_sz - trailer_sz - padding_sz; + available_sec_sz = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT) * sector_sz - trailer_sz; - return app_max_sectors(state) * sector_sz_primary; + return (available_pri_sz < available_sec_sz ? available_pri_sz : available_sec_sz); } #endif diff --git a/boot/bootutil/src/swap_offset.c b/boot/bootutil/src/swap_offset.c index dd991dab9..597be4536 100644 --- a/boot/bootutil/src/swap_offset.c +++ b/boot/bootutil/src/swap_offset.c 
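Review bot: Both subtractions in the new `app_max_size()` are unsigned and unguarded, so a slot smaller than the sector-aligned trailer plus the padding sector makes `available_pri_sz` or `available_sec_sz` wrap to a value near `UINT32_MAX`. That value feeds the limit `bootutil_img_validate()` compares the image size against, so a wrapped result weakens the oversize check instead of failing it, and the `int` return type then turns it negative. The computation also assumes every sector has the size of primary sector 0 and that `sector_sz` satisfies whatever `ALIGN_UP` requires (its definition is outside this page); both deserve a comment. The same pattern appears in the `app_max_size()` added to swap_offset.c later in this commit. A guarded version that returns 0 when a slot cannot hold trailer and padding is sketched below.

```c
    size_t pri_sz = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) * sector_sz;
    size_t sec_sz = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT) * sector_sz;

    /* … unchanged: trailer_sz = ALIGN_UP(trailer_sz, sector_sz) … */

    /* Fail closed: a slot too small for the trailer (and swap padding) fits no image,
     * and a zero limit makes every size check against it fail.
     */
    if (pri_sz < trailer_sz + padding_sz || sec_sz < trailer_sz) {
        return 0;
    }

    available_pri_sz = pri_sz - trailer_sz - padding_sz;
    available_sec_sz = sec_sz - trailer_sz;
```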
@@ -302,33 +302,6 @@ uint32_t boot_status_internal_off(const struct boot_status *bs, int elem_sz) return off; } -static int app_max_sectors(struct boot_loader_state *state) -{ - uint32_t sz = 0; - uint32_t sector_sz; - uint32_t trailer_sz; - uint32_t available_sectors_pri; - uint32_t available_sectors_sec; - uint32_t trailer_sectors = 0; - - sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); - trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); - - while (1) { - sz += sector_sz; - ++trailer_sectors; - - if (sz >= trailer_sz) { - break; - } - } - - available_sectors_pri = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - trailer_sectors; - available_sectors_sec = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT) - 1; - - return (available_sectors_pri < available_sectors_sec ? available_sectors_pri : available_sectors_sec); -} - int boot_slots_compatible(struct boot_loader_state *state) { size_t num_sectors_pri; 
@@ -336,32 +309,30 @@ int boot_slots_compatible(struct boot_loader_state *state) size_t sector_sz_pri = 0; size_t sector_sz_sec = 0; size_t i; - size_t num_usable_sectors; num_sectors_pri = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT); num_sectors_sec = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT); - num_usable_sectors = app_max_sectors(state); if (num_sectors_pri != num_sectors_sec && - (num_sectors_pri + 1) != num_sectors_sec && - num_usable_sectors != (num_sectors_sec - 1)) { + (num_sectors_pri + 1) != num_sectors_sec) { BOOT_LOG_WRN("Cannot upgrade: not a compatible amount of sectors"); BOOT_LOG_DBG("slot0 sectors: %d, slot1 sectors: %d, usable sectors: %d", (int)num_sectors_pri, (int)num_sectors_sec, - (int)(num_usable_sectors)); + (int)(num_sectors_sec - 1)); return 0; } else if (num_sectors_pri > BOOT_MAX_IMG_SECTORS) { BOOT_LOG_WRN("Cannot upgrade: more sectors than allowed"); return 0; } - if ((num_usable_sectors + 1) != num_sectors_sec) { + /* Optimal says secondary has one more than primary. Always. Both have trailers. */ + if ((num_sectors_pri + 1) != num_sectors_sec) { BOOT_LOG_DBG("Non-optimal sector distribution, slot0 has %d usable sectors " - "but slot1 has %d usable sectors", (int)(num_usable_sectors), + "but slot1 has %d usable sectors", (int)(num_sectors_pri), ((int)num_sectors_sec - 1)); } - for (i = 0; i < num_usable_sectors; i++) { + for (i = 0; i < (num_sectors_sec - 1); i++) { sector_sz_pri = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i); sector_sz_sec = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, i); @@ -417,7 +388,6 @@ int swap_status_source(struct boot_loader_state *state) struct boot_swap_state state_primary_slot; struct boot_swap_state state_secondary_slot; int rc; - uint8_t source; uint8_t image_index; #if (BOOT_IMAGE_NUMBER == 1) 
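Review bot: The new loop bound `num_sectors_sec - 1` is a `size_t` expression, so if `boot_img_num_sectors()` ever reports 0 for both slots, the equality test above passes and the bound wraps. `boot_img_sector_size()` would then be called with indices far past the sector table. A guard ahead of the comparison keeps the compatibility check fail-closed: `if (num_sectors_sec == 0) { BOOT_LOG_WRN("Cannot upgrade: not a compatible amount of sectors"); return 0; }`. The debug message still labels `num_sectors_pri` as "usable sectors", although it is now the assigned count rather than a count with the trailer removed. `boot_slots_compatible()` continues outside the hunk.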
@@ -439,10 +409,8 @@ int swap_status_source(struct boot_loader_state *state) state_primary_slot.copy_done == BOOT_FLAG_UNSET && state_secondary_slot.magic != BOOT_MAGIC_GOOD) { - source = BOOT_STATUS_SOURCE_PRIMARY_SLOT; - BOOT_LOG_INF("Boot source: primary slot"); - return source; + return BOOT_STATUS_SOURCE_PRIMARY_SLOT; } BOOT_LOG_INF("Boot source: none"); @@ -729,11 +697,23 @@ void swap_run(struct boot_loader_state *state, struct boot_status *bs, int app_max_size(struct boot_loader_state *state) { - uint32_t sector_sz_primary; + uint32_t available_pri_sz; + uint32_t available_sec_sz; + + size_t trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); + size_t sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); + size_t padding_sz = sector_sz; + + /* The trailer size needs to be sector-aligned */ + trailer_sz = ALIGN_UP(trailer_sz, sector_sz); - sector_sz_primary = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0); + /* The slot whose size is used to compute the maximum image size must be the one containing the + * padding required for the swap. + */ + available_pri_sz = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) * sector_sz - trailer_sz; + available_sec_sz = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT) * sector_sz - trailer_sz - padding_sz; - return app_max_sectors(state) * sector_sz_primary; + return (available_pri_sz < available_sec_sz ? available_pri_sz : available_sec_sz); } /* Compute the total size of the given image. Includes the size of the TLVs. */ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index 30837580a..f26c45e4a 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -920,7 +920,7 @@ int app_max_size(struct boot_loader_state *state) fap = BOOT_IMG_AREA(state, active_slot); assert(fap != NULL); - primary_sz = flash_area_get_size(fap); + primary_sz = bootutil_max_image_size(state, fap); if (active_slot == BOOT_PRIMARY_SLOT) { active_slot = BOOT_SECONDARY_SLOT; 
@@ -930,7 +930,7 @@ int app_max_size(struct boot_loader_state *state) fap = BOOT_IMG_AREA(state, active_slot); assert(fap != NULL); - secondary_sz = flash_area_get_size(fap); + secondary_sz = bootutil_max_image_size(state, fap); return (secondary_sz < primary_sz ? secondary_sz : primary_sz); } diff --git a/sim/src/image.rs b/sim/src/image.rs index dcea8c577..a8f360471 100644 --- a/sim/src/image.rs +++ b/sim/src/image.rs @@ -234,21 +234,21 @@ impl ImagesBuilder { let (primaries,upgrades) = if img_manipulation == ImageManipulation::CorruptHigherVersionImage && !higher_version_corrupted { higher_version_corrupted = true; - let prim = install_image(&mut flash, &self.areadesc, &slots[0], - maximal(42784), &ram, &*dep, ImageManipulation::None, Some(0), false); + let prim = install_image(&mut flash, &self.areadesc, &slots, 0, + maximal(42784), &ram, &*dep, ImageManipulation::None, Some(0)); let upgr = match deps.depends[image_num] { DepType::NoUpgrade => install_no_image(), - _ => install_image(&mut flash, &self.areadesc, &slots[1], - maximal(46928), &ram, &*dep, ImageManipulation::BadSignature, Some(0), true) + _ => install_image(&mut flash, &self.areadesc, &slots, 1, + maximal(46928), &ram, &*dep, ImageManipulation::BadSignature, Some(0)) }; (prim, upgr) } else { - let prim = install_image(&mut flash, &self.areadesc, &slots[0], - maximal(42784), &ram, &*dep, img_manipulation, Some(0), false); + let prim = install_image(&mut flash, &self.areadesc, &slots, 0, + maximal(42784), &ram, &*dep, img_manipulation, Some(0)); let upgr = match deps.depends[image_num] { DepType::NoUpgrade => install_no_image(), - _ => install_image(&mut flash, &self.areadesc, &slots[1], - maximal(46928), &ram, &*dep, img_manipulation, Some(0), true) + _ => install_image(&mut flash, &self.areadesc, &slots, 1, + maximal(46928), &ram, &*dep, img_manipulation, Some(0)) }; (prim, upgr) }; 
@@ -298,10 +298,10 @@ impl ImagesBuilder { let ram = self.ram.clone(); // TODO: Avoid this clone. let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); - let primaries = install_image(&mut bad_flash, &self.areadesc, &slots[0], - maximal(32784), &ram, &dep, ImageManipulation::None, Some(0), false); - let upgrades = install_image(&mut bad_flash, &self.areadesc, &slots[1], - maximal(41928), &ram, &dep, ImageManipulation::BadSignature, Some(0), true); + let primaries = install_image(&mut bad_flash, &self.areadesc, &slots, 0, + maximal(32784), &ram, &dep, ImageManipulation::None, Some(0)); + let upgrades = install_image(&mut bad_flash, &self.areadesc, &slots, 1, + maximal(41928), &ram, &dep, ImageManipulation::BadSignature, Some(0)); OneImage { slots, primaries, @@ -321,10 +321,10 @@ impl ImagesBuilder { let ram = self.ram.clone(); // TODO: Avoid this clone. let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); - let primaries = install_image(&mut bad_flash, &self.areadesc, &slots[0], - maximal(32784), &ram, &dep, ImageManipulation::None, Some(0), false); - let upgrades = install_image(&mut bad_flash, &self.areadesc, &slots[1], - ImageSize::Oversized, &ram, &dep, ImageManipulation::None, Some(0), true); + let primaries = install_image(&mut bad_flash, &self.areadesc, &slots, 0, + maximal(32784), &ram, &dep, ImageManipulation::None, Some(0)); + let upgrades = install_image(&mut bad_flash, &self.areadesc, &slots, 1, + ImageSize::Oversized, &ram, &dep, ImageManipulation::None, Some(0)); OneImage { slots, primaries, 
@@ -344,8 +344,8 @@ impl ImagesBuilder { let ram = self.ram.clone(); // TODO: Avoid this clone. let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); - let primaries = install_image(&mut flash, &self.areadesc, &slots[0], - maximal(32784), &ram, &dep,ImageManipulation::None, Some(0), false); + let primaries = install_image(&mut flash, &self.areadesc, &slots, 0, + maximal(32784), &ram, &dep,ImageManipulation::None, Some(0)); let upgrades = install_no_image(); OneImage { slots, @@ -367,8 +367,8 @@ impl ImagesBuilder { let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); let primaries = install_no_image(); - let upgrades = install_image(&mut flash, &self.areadesc, &slots[1], - maximal(32784), &ram, &dep, ImageManipulation::None, Some(0), true); + let upgrades = install_image(&mut flash, &self.areadesc, &slots, 1, + maximal(32784), &ram, &dep, ImageManipulation::None, Some(0)); OneImage { slots, primaries, @@ -389,8 +389,8 @@ impl ImagesBuilder { let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); let primaries = install_no_image(); - let upgrades = install_image(&mut flash, &self.areadesc, &slots[1], - ImageSize::Oversized, &ram, &dep, ImageManipulation::None, Some(0), true); + let upgrades = install_image(&mut flash, &self.areadesc, &slots, 1, + ImageSize::Oversized, &ram, &dep, ImageManipulation::None, Some(0)); OneImage { slots, primaries, 
@@ -411,10 +411,10 @@ impl ImagesBuilder { let ram = self.ram.clone(); // TODO: Avoid this clone. let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { let dep = BoringDep::new(image_num, &NO_DEPS); - let primaries = install_image(&mut flash, &self.areadesc, &slots[0], - maximal(32784), &ram, &dep, ImageManipulation::None, security_cnt, false); - let upgrades = install_image(&mut flash, &self.areadesc, &slots[1], - maximal(41928), &ram, &dep, ImageManipulation::None, security_cnt.map(|v| v + 1), true); + let primaries = install_image(&mut flash, &self.areadesc, &slots, 0, + maximal(32784), &ram, &dep, ImageManipulation::None, security_cnt); + let upgrades = install_image(&mut flash, &self.areadesc, &slots, 1, + maximal(41928), &ram, &dep, ImageManipulation::None, security_cnt.map(|v| v + 1)); OneImage { slots, primaries, @@ -1747,6 +1747,7 @@ fn show_flash(flash: &dyn Flash) { #[derive(Debug)] enum ImageSize { /// Make the image the specified given size. + #[allow(dead_code)] Given(usize), /// Make the image as large as it can be for the partition/device. Largest, 
@@ -1819,19 +1820,52 @@ fn image_largest_trailer(dev: &dyn Flash, areadesc: &AreaDesc, slot: &SlotInfo) trailer } +// Computes the padding required in the primary or secondary slot to be able to perform an upgrade. +// This is needed only for the swap-move and swap-offset upgrade strategies. +fn required_slot_padding(dev: &dyn Flash) -> usize { + let mut required_padding = 0; + + if Caps::SwapUsingMove.present() || Caps::SwapUsingOffset.present() { + // Assumes equally-sized sectors + let sector_size = dev.sector_iter().next().unwrap().size; + + required_padding = sector_size; + }; + + required_padding +} + +// Computes the largest possible firmware image size, not including the header and TLV area. +fn compute_largest_image_size(dev: &dyn Flash, areadesc: &AreaDesc, slots: &[SlotInfo], + slot_ind: usize, hdr_size: usize, tlv: &dyn ManifestGen) -> usize { + let slot_len = if Caps::SwapUsingOffset.present() { + slots[1].len + } else { + slots[0].len + }; + + let trailer = image_largest_trailer(dev, areadesc, &slots[slot_ind]); + let padding = required_slot_padding(dev); + let tlv_len = tlv.estimate_size(); + info!("slot: 0x{:x}, HDR: 0x{:x}, trailer: 0x{:x}, tlv_len: 0x{:x}, padding: 0x{:x}", + slot_len, hdr_size, trailer, tlv_len, padding); + + slot_len - hdr_size - trailer - tlv_len - padding +} + /// Install a "program" into the given image. This fakes the image header, or at least all of the /// fields used by the given code. Returns a copy of the image that was written. 
-fn install_image(flash: &mut SimMultiFlash, areadesc: &AreaDesc, slot: &SlotInfo, len: ImageSize, - ram: &RamData, - deps: &dyn Depender, img_manipulation: ImageManipulation, security_counter:Option, secondary_slot:bool) -> ImageData { +fn install_image(flash: &mut SimMultiFlash, areadesc: &AreaDesc, slots: &[SlotInfo], + slot_ind: usize, len: ImageSize, ram: &RamData, + deps: &dyn Depender, img_manipulation: ImageManipulation, security_counter:Option) -> ImageData { + let slot = &slots[slot_ind]; let mut offset = slot.base_off; - let slot_len = slot.len; let dev_id = slot.dev_id; let dev = flash.get_mut(&dev_id).unwrap(); let mut tlv: Box = Box::new(make_tlv()); - if Caps::SwapUsingOffset.present() && secondary_slot { + if Caps::SwapUsingOffset.present() && slot_ind == 1 { let sector_size = dev.sector_iter().next().unwrap().size as usize; offset += sector_size; } 
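Review bot: `compute_largest_image_size` picks `slot_len` from `slots[1]` or `slots[0]` by capability, regardless of `slot_ind`, while the trailer is still taken from `slots[slot_ind]`. That asymmetry appears to mirror the C-side rule about the slot that carries the swap padding, but nothing in the function says so. A doc comment stating which slot bounds the image for each strategy, and that equally sized sectors are assumed, would make the helper checkable against `app_max_size()`. The final `slot_len - hdr_size - trailer - tlv_len - padding` is plain `usize` subtraction; a `checked_sub` chain ending in `expect("slot too small for header, TLVs, trailer and padding")` gives a clear failure on small simulated devices instead of an overflow panic or a wrapped length. Both new helpers use `//` where the neighbouring `install_image` uses `///`, and `required_slot_padding` reads more simply as a single `if … { sector_size } else { 0 }` expression.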
@@ -1863,30 +1897,13 @@ fn install_image(flash: &mut SimMultiFlash, areadesc: &AreaDesc, slot: &SlotInfo let len = match len { ImageSize::Given(size) => size, - ImageSize::Largest => { - let trailer = image_largest_trailer(dev, &areadesc, &slot); - let tlv_len = tlv.estimate_size(); - info!("slot: 0x{:x}, HDR: 0x{:x}, trailer: 0x{:x}", - slot_len, HDR_SIZE, trailer); - slot_len - HDR_SIZE - trailer - tlv_len - }, + ImageSize::Largest => compute_largest_image_size(dev, areadesc, slots, slot_ind, + HDR_SIZE, tlv.as_ref()), ImageSize::Oversized => { - let trailer = image_largest_trailer(dev, &areadesc, &slot); - let tlv_len = tlv.estimate_size(); - let mut sector_offset = 0; - - if Caps::SwapUsingOffset.present() && secondary_slot { - // This accounts for when both slots have the same size, it will not work where - // the second slot is one sector larger than the primary - sector_offset = dev.sector_iter().next().unwrap().size as usize; - } - - info!("slot: 0x{:x}, HDR: 0x{:x}, trailer: 0x{:x}", - slot_len, HDR_SIZE, trailer); - - slot_len - HDR_SIZE - trailer - tlv_len - sector_offset + dev.align() + let largest_img_sz = compute_largest_image_size(dev, areadesc, slots, slot_ind, + HDR_SIZE, tlv.as_ref()); + largest_img_sz + dev.align() } - }; // Generate a boot header. Note that the size doesn't include the header. @@ -1995,7 +2012,7 @@ fn install_image(flash: &mut SimMultiFlash, areadesc: &AreaDesc, slot: &SlotInfo enc_copy = Some(enc); - dev.erase(offset, slot_len).unwrap(); + dev.erase(offset, slot.len).unwrap(); } else { enc_copy = None; } @@ -2020,7 +2037,7 @@ fn install_image(flash: &mut SimMultiFlash, areadesc: &AreaDesc, slot: &SlotInfo let enc_copy: Option>; if is_encrypted { - dev.erase(offset, slot_len).unwrap(); + dev.erase(offset, slot.len).unwrap(); dev.write(offset, &encbuf).unwrap(); 
@@ -2394,15 +2411,8 @@ trait AsRaw : Sized { /// Determine whether it makes sense to test this configuration with a maximally-sized image. /// Returns an ImageSize representing the best size to test, possibly just with the given size. -fn maximal(size: usize) -> ImageSize { - if Caps::OverwriteUpgrade.present() || - Caps::SwapUsingOffset.present() || - Caps::SwapUsingMove.present() - { - ImageSize::Given(size) - } else { - ImageSize::Largest - } +fn maximal(_size: usize) -> ImageSize { + ImageSize::Largest } pub fn show_sizes() { diff --git a/sim/tests/core.rs b/sim/tests/core.rs index ee941fe1c..c246aa848 100644 --- a/sim/tests/core.rs +++ b/sim/tests/core.rs @@ -58,8 +58,6 @@ sim_test!(revert_with_fails, make_image(&NO_DEPS, false), run_revert_with_fails( sim_test!(perm_with_fails, make_image(&NO_DEPS, true), run_perm_with_fails()); sim_test!(perm_with_random_fails, make_image(&NO_DEPS, true), run_perm_with_random_fails(5)); sim_test!(norevert, make_image(&NO_DEPS, true), run_norevert()); - -#[cfg(not(feature = "max-align-32"))] sim_test!(oversized_secondary_slot, make_oversized_secondary_slot_image(), run_oversizefail_upgrade()); sim_test!(status_write_fails_complete, make_image(&NO_DEPS, true), run_with_status_fails_complete());
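Review bot: `maximal` now ignores its argument and always returns `ImageSize::Largest`, but the doc comment kept above it still says it decides whether a maximal image makes sense and may fall back to the given size. The comment should match the code, for example `/// Always test with the largest image the slot allows; the size argument is kept only so call sites stay unchanged.` As a result the numeric arguments at every `maximal(...)` call are dead weight, as is the `ImageSize::Given` variant, now under `#[allow(dead_code)]` with no reason given. Either remove them in a follow-up or add a one-line reason next to the `allow`.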